- Broadcom grows revenues by 20% following VMware purchase, as customers fume about subscription costs
- How global threat actors are weaponizing AI now, according to OpenAI
- The viral Air Purifier Table is my smart home's MVP (and it's on sale for $179)
- Grab the Galaxy S25 Edge for $170 off and get a free Amazon gift card - but act fast
- How I learned to stop worrying and love my health tracker
US Military Personnel Warned of Malicious Smartwatches
Service members across the US military have reported receiving smartwatches unsolicited in the mail.
These smartwatches have Wi-Fi auto-connect capabilities and can connect to cell phones unprompted, gaining access to user data.
According to the US Criminal Investigation Division (CID), the smartwatches may also contain malware granting the sender access to saved data, including banking information, contacts and account information such as usernames and passwords.
Additionally, the presence of malware could enable unauthorized access to voice and camera functions, potentially compromising conversations and accounts linked to the smartwatches.
Read more on this type of malware: SpinOk Trojan Compromises 421 Million Android Devices
Officials have raised concerns that these products may be part of a tactic known as Brushing, which involves sending products, often counterfeit, to unsuspecting individuals in order to generate positive reviews in their name.
In response to the reports, CID urged recipients of unsolicited smartwatches to take immediate action.
“Do not turn the device on. Report it to your local counterintelligence, security manager, or through our Submit a Tip – Report a Crime reporting portal,” CID warned last week.
According to Melissa Bischoping, director of endpoint security research at Tanium, the technique is akin to attackers leaving random malicious USB devices around for curious victims to plug in.
“This ‘surprise smartwatch’ tactic leverages the same human curiosity and grants a threat actor access to some of your most sensitive personal information,” Bischoping added.
“As the adage goes, if it’s too good to be true, it probably is, and if you’re not paying for the product, you are the product.”
Gareth Lindahl-Wise, CISO at Ontinue, echoed Bischoping’s point, saying the dangers of fitness trackers disclosing the location of military personnel and installations were seen towards the end of the Afghan conflict.
“A wealth of personal information, such as emails, chats, location and banking information could be exposed […] which could lead to personal and corporate account compromise. These unsolicited ‘goodies’ must be reported and dealt with appropriately.”
